The focus of this work is to find ways to make attribute-based encryption (ABE) more
suitable for access control to data stored in the cloud. However, ABE provides a flexible
solution for ``one to many'' encryption, its adoption to the cloud environment require
further refinement. One such issue is the assumption that secret key requests can
be verified by one central key generator authority, which is often not realistic.
The other is the problem of user revocation, for which a solution is essential in
every real-word system, where unexpected events may occur. In contrast to the technically
difficult multi-authority schemes (with user revocation feature), we investigate the
feasibility of a much simpler approach: enabling secret key delegation in single authority
schemes (with user revocation feature). We show key-delegation algorithm for one of
the most important single authority ABE construction, and also for its extension that
allow user revocation, thus achieving the desired features.
